Networking

Why does nginx only serve the http address?

  • July 7, 2019

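Although I am new to nginx, almost everything seems to be running well. The only problem is that when I try to access the site using the https:// address, it takes 30-60 seconds to load, but when typing http:// it takes only a few seconds to redirect and load https://.

I'm sure this has something to do with my nginx conf file, but I can't see where the problem is and was hoping for some fresh eyes. Is there a problem with how I reference my ssl context?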

upstream custodian {
 # The web application.
 server custodian:8000;
}

server {
 listen 80;
 server_name custodian.fund www.custodian.fund;
 root /var/www/letsencrypt;

 location /.well-known/acme-challenge/ {
   default_type "text/plain";

   try_files $uri =404;
 }

 location / {
   return 301 https://custodian.fund$request_uri;
 }
}

server {

 listen 443 ssl;
 server_name custodian.fund;

 # Static asset path, which is read from the custodian container's VOLUME.
 root /custodian/static;

 # Ensure timeouts are equal across browsers and raise the max content-length size.
 keepalive_timeout 60;
 client_max_body_size 5m;

 # SSL goodness.
 ssl                       on;
 ssl_certificate /etc/ssl/private/custodian.fund.pem;
 ssl_certificate_key /etc/ssl/custodian.fund.key;
 ssl_trusted_certificate /etc/ssl/private/custodian.fund.pem;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
 ssl_dhparam /etc/ssl/dhparam.pem;
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:50m;
 ssl_session_timeout 5m;
 ssl_stapling on;
 ssl_stapling_verify on;
 resolver 8.8.8.8;
 resolver_timeout 5s;
 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";


# ssl_certificate /etc/ssl/certs/productionexample.crt;
# ssl_certificate_key /etc/ssl/private/productionexample.key;


 # Disallow access to hidden files and directories.
 location ~ /\. {
   return 404;
   access_log off;
   log_not_found off;
 }

 # Allow optionally writing an index.html file to take precedence over the upstream.
 try_files $uri $uri/index.html $uri.html @custodian;

 # Attempt to load the favicon or fall back to status code 204.
 location = /favicon.ico {
   try_files /favicon.ico =204;
   access_log off;
   log_not_found off;
 }

 # Load the web app back end with proper headers.
 location @custodian {
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header Host $http_host;

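The problem is in your DNS. You have configured four completely different IP addresses for your hostname custodian.fund, but only one of them is where your site is actually hosted.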

custodian.fund has address 107.161.23.204
custodian.fund has address 128.199.121.161
custodian.fund has address 209.141.38.71
custodian.fund has address 192.161.187.200

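The other three addresses cannot be connected to, because there is nothing at any of them.

To resolve the problem, remove the three incorrect entries from your DNS records.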
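
The check the answer describes can be scripted. The following is an added example, not part of the original answer: it resolves every A record for a hostname and attempts a TCP connection to port 443 on each one, so records with nothing listening stand out. The function names and the `example.com` default are assumptions made for illustration.

```python
import socket
import sys


def resolve_ipv4(hostname):
    """Return the sorted, de-duplicated IPv4 addresses (A records) for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe(addresses, port=443, timeout=3.0):
    """TCP-connect to each address; map address -> None if it answered, else the error text."""
    results = {}
    for addr in addresses:
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                results[addr] = None
        except OSError as exc:  # refused, timed out, unreachable, ...
            results[addr] = str(exc) or type(exc).__name__
    return results


def dead_records(results):
    """Addresses where nothing answered: candidates for removal from DNS."""
    return sorted(addr for addr, err in results.items() if err is not None)


if __name__ == "__main__":
    # Usage: script.py <hostname> [port]; example.com is a placeholder default.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    results = probe(resolve_ipv4(host), port)
    for addr, err in results.items():
        print(f"{addr}:{port}  {'OK' if err is None else 'FAILED: ' + err}")
    bad = dead_records(results)
    if bad:
        print("Nothing listening on:", ", ".join(bad))
        sys.exit(1)
```

A non-zero exit status makes the script usable as a monitoring check after any DNS change.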

Quoted from: https://serverfault.com/questions/974237